We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

DMARC Verification

  • Last updated on

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a sender email authentication mechanism that provides protection against phishing attacks, and improves spam accuracy by blocking spam in spoofed messages. This feature is available using the Cloud Protection Layer (CPL) with your Barracuda Email Security Gateway and requires contacting Barracuda Technical Support to enable.

Domain-Based Message Authentication, Reporting, and Conformance

DMARC is built on top of the email authentication mechanisms Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM); you must have both an SPF and a DKIM record published for the domain to set DMARC policies. For more information about SPF and DKIM, see Sender Authentication.


DMARC overrides DKIM and SPF settings if the following conditions are true:

  • DMARC is enabled
  • The sender's domain is not exempted from DMARC
  • The sender's domain has a valid DMARC DNS TXT record (_dmarc.example.com)
  • The policy specified by the sender's DMARC record indicates reject or quarantine

Specify DMARC policy settings on the Inbound Settings > Sender Authentication page in the CPL web interface:

  • Enable DMARC – When set to Yes, DMARC enables a sending domain to specify policy for messages that fail DKIM or SPF. When set to No, the Barracuda Email Security Gateway does not run DMARC checks for inbound messages and the SPF and DKIM policy settings are used to verify the IP address range and sending domain.

Additionally, you can select to exempt specific domains from DMARC verification.

Last updated on